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Electronic identification is the 
focus of our first EGBA news 
of 2018. 


More and more consumers are 
seeing the benefits of using 
electronic identification when 
shopping online or accessing public services. 
But maintaining trust and security are two 
fundamental factors for ensuring consumers 
and businesses continue using electronic 
identification methods. This is ever more 
important in an age of online fraud and when 
more and more young people are active online. 





We are honored to receive in this edition 
of EGBA news contributions from both the 
public and private sector on the importance of 
electronic identification and its opportunities. 


Andrea Servida from the European 
Commission gives his take on the European 
Commission's main regulation in this area — 
the electronic IDentification, Authentication 
and trust Services (elIDAS) regulation — the 
advantages its brings to the private and public 
sector alike, and how it can ensure accurate 
age verification and help in the fight against 
fraud and money laundering, topics of 
particular importance for payments sectors, 
like the EU online gambling sector. 


Our second article comes from Marcel 
Wendt, CTO and founder of Digidentity, 
a digital identity service provider which 
is recognised as an elDAS Qualified Trust 
Service Provider. Digidentity works with both 
government and private sector entities, and 
explains how the service works in practice, 
and its benefits for both consumers and 
businesses. 


Maarten Haijer, 
Secretary General, EGBA 


Issue 27: Rolling out electronic identification 


Andrea Servida, Head of Unit 
“eGovernment and Trust” in the 
European Commission, explains to 
the EGBA that building trust in the 
online environment is a key element 
to the transition to a digital society. 


Without trust, citizens and businesses 
are reluctant to perform transactions 
electronically, concerned about being 
deceived by their counterparts. To 
build trust online, authentication and 
identification are crucial, because 
they contribute to ensuring the 
trustworthiness of digital transactions 
and accessibility to services, as well 
as enhancing the transparency of and 
accountability of business conducted 
online. 


For identifying and authenticating 
online business transactions, people 
can use electronic identification (elD) 
methods. One of the most used elD 
methods is the combination of a 
username and a password, but there 
are many others, like National Citizen 
Cards which contain an electronic chip, 
elD through mobile devices, or systems 
relying on biometrics. Understandably, 
not all of these methods provide the 
same level of trust. 


Trust in elD methods relies on the 
elD methods having high security 
standards both for the registration and 





“A good example of a trusted 
elD format are government- 
issued and/or recognised eID 
methods which come with a 
high level of assurance under the 
eIDAS Regulation.” 


Andrea Servida, Head of Unit 
“eGovernment and Trust”, DG 
Connect, European Commission 





the authentication processes. A good 
example of a trusted elD format are 
government-issued and/or recognised 
elD methods which come with a high 
level of assurance under the EU's 
electronic IDentification, Authentication 
and trust Services (eIDAS) Regulation. 
The trust placed in these elDAS- 
compliant methods relies on strict 
criteria for identity verification, including 
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checks against authoritative sources 
(e.g. queries to the national population 
registries) which are performed when the 
user applied to obtain an elD, and in the 
use of more than one identity verification 
measure in the authentication process. 


elD and the private sector 


The elDAS Regulation offers significant 
advantages for the private sector. 
For starters, the private sector can 
participate in the 
provision of — the 
national elDs schemes 
notified under elDAS, 
as has already been 
demonstrated by 
the pre-notification 
of Italy's elD scheme 
SPID, which is private 
sector-led'. 


But more importantly 

for the business and commercial sector, 
elDAS enables the identification and 
authentication of digital users across 
borders. Electronic identification means 
that are managed by a trusted source, 
such as government-issued and/or 
recognised elD means notified under 
the eIDAS regulation, are not only a 
way of identifying the user but are also 
an effective tool for implementing age 
verification. 


In effect, eID methods that are managed 
by a trusted source can, in most cases, 
assert with a very high degree of 
confidence whether the user is an 
adult. This level of accuracy relies on the 
fact that strict procedures of identity 
verification, including checks against 
authoritative sources, are performed 
during the registration phase prior to 
the elD being issued to the user. 
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This means that eIDAS- 
supported eID methods could 
be used as a possible way to 
fulfil ‘Know-Your-Customer’ 
and other customer due 
diligence requirements for 
non-face-to-face interactions, 
such as online gambling.” 


elD in the fight against money 
laundering 


elDAS also plays a role in the important 
fight against money laundering. This has 
been acknowledged in the EU's 5" Anti 
Money Laundering Directive, which 
recognises elDAS-compliant elDs as a 
capable tool for providing a legal proof 
of identity of the elD holder, equivalent 
to in-person verification. This means that 
elDAS-supported elD methods could be 
used as a possible 
way to fulfil “Know- 
Your-Customer” 
and other customer 
due diligence 
requirements for 
non-face-to-face 
interactions, such as 
online gambling. 


To further explore 

how to facilitate the 
use of elD across borders and “Know- 
Your-Customer” portability, through 
the identification and authentication 
tools under elDAS, a new European 
Commission expert group has been 
established?, which will convene in 2018. 


Also, payment transactions are 
increasingly being made online, eIDAS 
is a regulation which can help to 
authenticate the identity of customers 


common, secure communication under 
the Payment Services Directive. Reference is 
made to both elDAS-notified elD methods 
and trust services with elDAS-notified elDs 
referenced as a possible solution to ensure 
strong customer authentication. 


Last but not least, the Commission is 
working on promoting the acceptance of 
trusted elD means by online platforms’. In 
that sense, the Commission elaborated, 
at the end of 2017, draft Principles° 
and Guidance on elD interoperability to 
encourage online platforms to recognise 
other elD means — in particular those 
notified under the eIDAS Regulation — that 
offer the same reassurance as their own. 


These initiatives show that the rolling 
out of elIDAS is a huge opportunity for 
citizens, businesses across many sectors 
and public administrations to benefit from 
the untapped potential of trusted elD to 
enhance trust, convenience, privacy and 
accountability in the digital world. And 
in the process ensure that elD measures 
help protection consumers, prevent bogus 
payment transactions and tackle money 
laundering. E 


: https://ec.europa.eu/digital-single-market/en/news/first- 
private-sector-eid-scheme-pre-notified-italy-under-eidas 


2 http://ec.europa.eu/transparency/regexpert/index. 
cfm?do=groupDetail.groupDetailDoc&id=36277&no=1 and 
https://ec.europa.eu/futurium/en/blog/expert-group-electronic- 
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Online betting and gaming: 
the only risks are intentional... 


Nearly everybody leaves a digital 
paper trail of their personal data 
and identity on the internet - even 
when making simple purchases at 
web shops, playing on a gambling 
websites or being active on social 
media. 


These activities are not always secure 
and fraudsters are always looking 
for new ways to get a hold of your 
personal data. That is why | founded 
service provider Digidentity' almost 
ten years ago to better protect the 
digital identity of internet users and 
make online life more secure. 


My goal when | set out was to give the 
right to digital self-determination back 
to internet users. That may sound a bit 
complex but what it came down to in 
practice was the creation of a kind of 
digital safe that would securely store 
your personal data when you browse 
the web. Anyone who wants to use 
his or her digital identity, for instance 
to take out an insurance or apply for 
a building permit, can open that safe 
— but others cannot. The patented 
system is designed in such a way that 
even Digidentity staff can't steal digital 
identities. 


Safe and secure 


When it comes to identify verification 
online, there must be security and 
reliability on both sides. 


First, the reliant party, for instance an 
insurer, the tax authorities or a web 
shop, needs to be certain that you 
are actually who you say you are. 


Second the user, want a 100-percent 
guarantee that your personal data is 
in safe hands. It’s our job to guard 
that process. 


That is why ballots take place on both 
sides. The reliant party goes through 
a process to prove it can sufficiently 
protect this person’s personal data. And 
the users, costumers or businesses that 
want to purchase a service or log on to 
a website, must at one point present 
evidence to verify their identity, for 
instance with a passport. 
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JÁ 
Marcel Wendt, CTO and 
founder of Digidentity 





“When it comes to identify 
verification online, there must 

be security and reliability on 

both sides. First, the reliant party, 
for instance an insurer, the tax 
authorities or a web shop, needs 
to be certain that you are actually 
who you say you are. Second 

the user, want a 100-percent 
guarantee that your personal data 
is in safe hands. It’s our job to 
guard that process.” 





Digidentity provides the reliant party with 
that assurance and allows the user to log 
on with a single Digidentity mobile token. 


What are the benefits of protecting 
your digital identity online? 


They include: 


The use of a Digital identification renders 
cybercrime and identity fraud more 
complex. Users are optimally protected 
with regard to privacy and security. 


Secure login: Stricter requirements 
concerning security, reliability and the 
protection of personal data. 


Certainty for businesses about the online 
identity of internet users: increased 
authenticity and better authorisation 
mean service providers or websites can 
always be certain that they are doing 
business with the right persons. 


How does Digidentity work? 


If the user doesn’t have a Digidentity 
they need to register for it. Registration 


Digidentity accredited as eIDAS Qualified 


Trust Service Provider 


Digidentity recently has earned 
accreditation in the Netherlands 
as a Qualified Trust Service 
Provider under eIDAS (electronic 
identification, authentication and 
trust services — see the interview 
with Andrea Servida), the updated 
EU regulation standard for trusted 
electronic identification and 
transactions. 


Earning the highest and most 
qualified level of accreditation 


allows Digidentity to be named on 
the Europe-wide Trust Service List 
(TSL) as a provider of qualified and 
trusted services that meet strict 
regulatory standards regarding the 
validation of electronic signatures, 
covering both individuals and 
enterprises. Offering varying levels 
of qualification, this list acts as 

an EU-wide trust mechanism that 
increasingly supports automated 
verification of a service provider's 
status. 
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begins with the verification of the user. 
During verification, we check who 
a person is. This can be established 
on the basis of 
information submitted 
by the user and 
proven by providing 
identification 
documents. 


For the verification 
of the identification 
document Digidentity 
compares a selfie 
picture with the 
photo on the user's 
passport, checks if the 
passport is genuine 
and valid and, also, in 
order to prevent fraud 
we also check if the 
identification document is reported 
stolen or lost. 


Subsequently, Digidentity can do a 
sanction check (we verify if the user 


is on any sanction list worldwide) or 
a PEP check (we check if the user isn't 
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“With a Digidentity 
account, the user can log 
onto — for example - a 
gambling website. Logging 
in is as simple as scanning 

a QR code with one’s 
phone and confirming the 
authentication with one’s 
fingerprint or pin code. 
After logging in, relevant 
data and the user id are 
sent back to the company or 
gambling website, enabling 
age verification and a 
sanction check. 
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a Politically Exposed Person, someone 
who has been entrusted with a 
prominent public function). Digidentity 
can also match a 
name and address 
against banking 
details or (in the 
UK) verify the home 
address of the user. 


With a Digidentity 
account, the user 
can log onto — for 
example — a gambling 
website. And he or 
she doesn’t need 
a username or 
password. Logging 
in is as simple as 
scanning a QR code 
with one’s phone 
and confirming the authentication 
with one’s fingerprint or pin code. 
After logging in, relevant data and the 
user id are sent back to the company 
or gambling website, enabling a quick 
and convenient age verification and a 
sanction check. 


https:/Awww.digidentity.eu/en/home/#about 





Digidentity develops services 
focused on a unique digital 
identity, where the user and his 

or her privacy are key. Digidentity 
is also a supplier of digital 
certificates for web security 

and qualified digital signatures. 
Digidentity provides national 
digital identity solutions to the 
Dutch and British governments, as 
well as solutions for a wide variety 
of organizations. 


Our technology provides 
identities to more than 15 million 
Europeans and executes more 
than 250 million secure online 
transactions per year between 
people, organizations, and 
governments. 


Ne DIGIDENTITY 
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